The  IBM  System  x3550  M3  Express.  Ilmi 

When  the  downturn  ends,  the  upside  begins.  I|l|j| 

With  new  opportunities  ahead,  now  is  the  time  to  invest  in  a  faster,  more  powerful  iPlI* 

server:  the  IBM*  System  x3550  M3  Express*  server,  powered  by  the  Intel*  Xeon*  |M  ^ 

processor  5600  series.  By  replacing  your  aging  servers,  the  x3550  M3  can  help  you  ■  • 

reduce  operating  costs,  increase  efficiency  and  respond  to  customers  more  quickly.  I M  ^  ^  ^ 


IBM  System  x3550  M3  Express 

$3,299 

or  $84/mcin»i  lor  36  monlhs' 


IBM  System  x3650  M3  Express 

$3,065 

or  $78/nx)nlti  lor  36  months' 


1U  dual-socket  sen.'er  featuring  up  to  2  Intel*  Xeon*  processor  56i 
18  DIMM  sockets  1333MH2  DDR-3  (18  RDIMMs,  144GB  max) 

IBM  System  Storage  DS3200  Express 

$6,495 

or$165/moothf( 

PN:  172622X 

Extern^  Disk  Storage  with  3  Gbps  Serid  Attached  SCSI  (SAS)  interlace  techno 
Scalable  up  to  7.2TB  Of  storage  capacity  with  600GB  hot-swappable  SAS  disks 


e  for  yourself. 

1  you  could  be  saving -in  just  minutes- 
le  IBM  Systems  Consolidation  Evaluation  Tool. 

ibm.com/systems/performance 
1  866-872-3902 

(mention  6N8AH27A) 


TOUGH  QUESTION  #9 


m 


HOW  DOES  A  GLOBAL 
CONSUMER  PACKAGED  GOODS 
LEADER  PROTECT  THE  SECRETS 
OF  OVER  300  BRANDS? 


SONICWALL 

THE  ENTERPRISE. 


SONICWALl 


Perfect  Storm  Sinks  Unix  Server  Saies 


The  economic  recession  hit  the 

Unix  server  maiket  hard.  IDC  maiket- 
shaie  numbers  show  that  users  put 
off  buying  Unix  systems  in  recent 
months,  cutting  Unix's  share  of  overall  server 
spending  to  one  of  the  lowest  levels  ever. 

An  IDC  report,  released  last  month,  tallied 
worldwide  Unix  revenue  of  $2.3  billion  — 
about22%oftotalspeDdingooservers  — 
during  the  first  quarter  of  this  year.  The  Unix 
share  of  server  revenue  was  down  10.5  percent¬ 
age  points  from  the  same  quarter  a  year  earlier. 

The  latest  numbers  notwithstanding,  Unix 
still  accounts  for  a  big  portion  of  server 
revenue.  Unix  servers  are  mid-  to  high-end 
systems  that  typkrally  run  mission-critical  ap¬ 
plications,  but  they  ate  gradually  declining  in 
popularity  as  x86  servers  grow  nxrre  powerful. 
Unix  servers  may  run  one  <rf  several  Unix  vari¬ 
ants,  including  Solaris,  ADC  and  HP-UX. 

IDC  analyst  Jean  Bozman  attributed  the 
sharp  drop  in  first-quarter  Unix  server  sales  to 
a  combination  of  Actors,  including  these: 


■  The  recession  delayed  sales  of  Unix 
servers,  which  are  typically  replaced  every  five 
to  seven  years. 

■  Although  Oracle  Corp.’s  deal  to  acquire 
key  Unix  server  vendor  Sun  Mkrtrsystems  Inc. 
closed  in  January,  users  might  be  putting  off 
purchases  of  Sun  products  until  Oracle  fully 
absorbs  the  company. 

■  Users  may  be  waiting  for  Unix  server 
upgrades  from  Hewlett-Packard  Co.,  which 
recently  anrwunced  new  products  in  its  Integ¬ 
rity  line,  and  from  IBM,  which  is  expected  to 
release  new  Unix  servers  later  this  year. 

Analysts  said  it’s  too  early  to  gauge  whether 
users  ate  accelerating  a  shift  away  bom  Unix. 

Oracle  may  be  “the  biggest  question  mark, 
although  the  company  has  thrown  its  weight 
behind  Sun's  UltraSparc  Urtix  systems,”  said 
Pund-IT  Inc.  analyst  Charles  King.  “(Oracle] 
said  that  it  will  continue  developtnent,  but  it  is 
going  to  take  a  while  for  us  to  really  see  what 
the  shape  of  that  is  going  to  be." 

-  Patrick  Thihodrau 


according  to  ratings  agency  Stella- 
ServiceLLCinNewYork. 

The  firm  rated  the  150  largest  In¬ 
ternet  retailers  on  300  factors,  such 


for  great  customer  service.  Respon¬ 
dents  said  that  speed  of  delivery  is 
the  biggest  factor  in  online  shop¬ 
ping.  follovred  by  helpful  suffers 


Top-tier  national  network. 
Top-notch  local  support. 


Introducing  CenturyLink  Business 


or  call  1  866-345  0814 


Link 

Business 


U  Our  IT  employees 
had  a  lot  of 
questions.  They  flat-out 
asked, ‘What  does  this  mean 
for  me  and  my  job?’ 

DOUG  PIERCE,  GLOBAL  IT  DIRECTOR, 
MOMENTUM  WORLDWIDE 


NEWS  ANALYSIS 


IT  Staff  Must  Buy 
Into  Cloud  Moves 

In  addition  to  dealing  with  user  resistance,  CIOs  need  to 
gain  the  support  of  IT  staffers  to  successfully  switch  from 
in-house  to  cloud-based  apps.  By  Juan  Carlos  Perez 


was  very  helpful  to  our  department's  suc¬ 
cessful  transition,”  Pierce  added. 

The  IT  leaders  at  San  )ose-based  elec¬ 
tronics  manufacturer  Sanmina-SCI  Cwp. 
also  say  openness  with  employees  was 
helpful  in  moving  from  an  on-premises 
Microsoft  Outlook/Exchange  system  to 
hosted  Coo^e  Apps  offerings. 

“IT  is  becoming  more  of  a  service- 
i  need  to  oriented  organization,  providing  more 

iifrh  frnm  value-added  services,  with  less  emphasis 

men  from  on  [maintaining  in-house]  systems,  net- 

srez  works  and  architectures,"  said  Sanmina- 

SCI  QO  Manesh  Patel. 

.  Cost  was  an  important  factor  for 

Sanmina-SCI.  and  it's  what  initially  drove 
the  move  to  the  cloud,  but  Patel  said  the  company  sou^t  longer- 
term  value  by  making  its  TOO  IT  workeis  more  productive  and 
effective.  “Mjake  sure  you  communicate  those  things  and  provide 
the  vision  of  what  that  means,”  he  added. 

At  some  companies,  like  Dutalee  Fabrics  LLC  in  Bay  Shore, 

N.Y,  there  was  little  pushback  from  IT  peisonnel.  CK)  Bill  Kelly 
noted  that  the  siz-petson  staff  was  “thrilled”  that  an  overtaxed  on¬ 
premises  e-mail  system  was  replaced  with  Google  Apps.  • 

Pertz  is  a  reporter^  the  IDG  News  Service. 


Ills 


NEWS  ANALYSIS 


HP  Seeks  New  Skills 
To  Staff  Data  Centers 

Hewlett-Packard  is  cutting 9,000  IT  jobs  while  adding 
6,000  new  employees  who  have  sales  and  service- 
delivery  expertise.  By  Patrick  Thibodeau 


The  IIEAU6NIIEMT  PtAN  that  Hewlett-Packard  Co.  an¬ 
nounced  last  week  —  which  calls  for  cutting  9,000  IT 
positions  while  adding  6,000  new  employees  —  is  the 
latest  example  o(  the  changing  staffing  needs  brought 
on  by  a  shift  to  highly  automated  data  centers  that  no 
longer  require  workers  with  hands-on  IT  skills. 


with  people  who  have  expertise  in  the  sale  and  delivety  of  IT  services. 

HP  has  not  yet  specified  which  positions  are  slated  for  elimina¬ 
tion,  but  James  Suten,  an  analyst  at  Forrester  Research  Inc., 
speculated  that  they  will  most  likely  be  IT  operations  posts  like 
systems  administrators.  Most  of  the  6,000  new  hires  will  [nob- 
ably  be  IT  architecture  and  sales  experts,  he  added. 

The  company  said  the  changes  in  its  Enterprise  Services  unit 
will  take  pl^  over  several  years. 

In  a  conference  call  with  investors,  HP  executives  called  the 


realignment  the  latest  step  in  the  evolution  of  its 
services  (^ration  —  a  key  part  of  the  company 
since  its  2008  Electronic  Data  Systems  Corp.  ac¬ 
quisition,  which  brought  137,000  new  employees 

HP  said  the  restructuring  will  also  include  the 
consoUdation  of  data  centers  and  management 
platforms  that  will  eventually  allow  for  a  more 
automated  delivety  of  services  to  customers.  “We 
think  the  next  five  to  10  years  are  going  to  be  about 
who  can  best  use  technology  to  automate  the  de¬ 
livery  of  services,"  said  Arm  Livermote,  executive 
vice  president  of  HP’s  Enterprise  Business  unit. 

.  The  plan  renews  an  effiirt  launched  prior  to  the 

EDS  d^,  when  HP  cut  its  corporate  data  centers 

from  some  8s  to  six,  added  industry-standard  products  and  got  rid 

of  redundant  or  outdated  hardware  and  software. 

HP  has  gained  a  raft  of  new  data  centers  since  the  EDS  deal;  most 
were  acquired  from  customers  as  part  of  outsourcing  agreements. 

Martin  Reynolds,  an  analyst  at  Gartner  Inc.,  said  that  the  ser¬ 
vices  unit  improved  the  efficiency  of  the  acquired  data  centers, 
but  “they  ate  [still]  not  as  streamlined  as  HP  wanted  them  to  be." 

Reynolds  expects  that  HP  will  move  to  further  streamline 
those  operations  by  turning  to  x86  apfdications  for  consolidation 
and  virtualization  rather  than  mainframe  and  Unix  systems. 
“They  are  looking  to  take  all  those  nonvirtualized  x86  applica¬ 
tions  and  move  them  to  HP's  managed  environmenC  he  said. 

The  moves  may  indicate  that  HP  has  convinced  its  customers 
that  its  data  center  plans  will  ultimately  reduce  their  IT  costs.  ♦ 
Peter  Sever  and  Chrh  Kanaracus  of  the  IDG  News  Service 
contributed  Id  this  stoiy. 


We  think  the  next  five  to  10  years  ii  e :  ihl  i  !  -  ir  i 

10  oiitomate  the  delivei  v  of  services. 


Building  the  engines  of  a  Smarter  Planet; 

It’s  not  just  what  you  have. 

It’s  how  you  use  it. 

On  a  smarter  planet,  midsize  businesses  are  facing  an  explosion  of  data  within  their  organizations.  As  the  engines  of  a  smarter 
planet,  they  don't  see  this  data  as  a  burden,  but  as  a  tremendous  opportunity.  However,  they  need  the  right  tools  to  turn  that  data 
into  intelligence,  derive  meaningful  insight  and  use  it  to  take  action.  Introducing  IBM'Cognos*  Expfess™-the  first  and  only  integrated 


business  intelligence  and  planning  solution  built  and  priced  to  meet  the  needs  of  midsize  companies.  It  delivers  essential  reporting, 
analysis,  planning,  budgeting  and  forecasting  capabilities  to  gain  the  insight  needed  to  take  action,  drive  efficiency  and  identify  new 


Fred 

Brooks 

The  father  of 
the  IBM  System/360 

reveals  his  secret  for 
great  design. 

In  bifh  school,  you  wen:  One  of 
tv*o  students  they  thought  of  as 
academic!  (Five  of  my  high  schooi's 
ciass  of  90  students  went  on  to 
become  university  professors.) 
Favorite  technology: 

The  Macintosh'laptop 
Four  people  you'd  like  to  invite  to 
a  dinner  party:  C.S.  Lewis,  Gerrit 
Blaauw  (my  best  friend  in  the  worid). 
my  wife  and  John  Fairciough  (my  best 
friend  before  he  passed  on). 
Favorite  design:  My  beach  house 
is  my  all-time  favorite,  but  I’m 
very  fond  of  my  Chevrolet 
Avalanche  truck! 

Favorite  work  of  fiction: 
i.R.R.  Tolkien’s  The  Lord  of  the  Rings 


Fred  brooks  helped  define  computer  software,  in  deed  as  well  os  word.  He  served 
as  project  manager /or.  and  thus  as  “/ather”  o/.  the  IBM  S)Stem/36o  and  led  the 
design  of  its  operating  system.  In  his  classic  1975  book  ’The  Mythical  Man-Month, 
he  coined  Brooks’  Law.  which  states  that  “adding  manpower  to  0  late  software 
project  makes  it  later."  He  left  IBM  in  1964.  when  the  System/360  was  introduced,  to  start 
the  computer  science  department  at  the  Universily  0/ North  Carolina  at  Chapel  Hill.  Today, 
at  age  79.  he’s  still  teaching  and  has  published  a  new  book.  The  Design  of  Design:  Essays 
From  a  Computer  Scientist  (Addison-Wesley  Professional.  April  2010). 

You’re  famous  for  Biooks’ uw,  but  you  aho  saw  that  urtwn  hidldli*  soiRttWiif,  “yo^ 

shouM  plan  to  throw  one  away.  You  will  anyway.”  That  was  the  Erst  edition  of  The 
Mythical  Man-Month.  In  the  second  edition,  I  say  that  was  misguided!  You  ought  to 

Continued  on  page  12 
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THE  GRILL  |  FRED  BROOKS 


U  If  you're 
designing 
something 
new,  find 
and  choose  your  chief 
designer  and  trust  them 
to  do  it  their  way  instead 
of  putting  all  kinds  of 
shackles  around  them. 


CnUinued /rom  page  10 
plan  to  continually  iterate 
on  it,  not  just  build  it, 
throw  it  away  and  start 
over.  Some  of  the  things  I 
said  in  1975  were  wrong, 
and  in  the  second  edition, 
1  correct  them. 


in  year  new  book,  you 
draw  on  your  txptri- 
entesdosifninf  things 
sudiasaboachhoiisc. 
Arc  you  trying  to  got 
people  in  progrannning 
to  look  beyond  software? 
That’s  my  central  thesis. 
There  are  these  invariants 
across  mediums  in  which 
one  designs.  Let’s  try  to 
identify  these  invariants 
and  learn  from  the  older 
design  businesses. 

InIT.along-lieldbclicf 
is  that  bustocss  people 
don*tHnderstandtech- 


1  don’t  think  it  is.  It's  true 
that  some  business  people 
don’t  understand  tech  and 
some  tech  people  have 
no  interest  whatsoever  in 
business.  Butthepointy- 
beaded  boss  in  Oiibert  is  a 


some  situations  where  we  have  bosses  running  soft¬ 
ware  projects  who  don't  understand  what  software  is 
about.  I  think  that’s  no  longer  the  prevailing  situatiotL 


part  bacauso  things  haw  boconw  so  complex.  What 


you  do  is  you  start  with  a  vision  of  the  produa  and 
one  by  one  remove  the  technical  obstacles  until  it’s 
realiz^  That’s  a  nice  way  of  thinking. 

My  net  message  is.  if  you’re  designing  somethir^ 
new,  find  and  choose  your  chief  designer  and  trust 
them  to  do  it  their  way  instead  of  putting  all  kinds 
of  shackles  around  them.  Give  thra  authority  over 
what  the  design  should  be.  As  far  as  1  can  tell,  when 
[architect]  Christo{dier  Wren  was  entrusted  with 
building  those  66  churches  in  London  after  the  big 
fire  [of  1666],  they  don’t  seem  to  have  nitpicked  him. 
The  famous  Lockheed  Skunk  Works  —  they  locked 
the  door,  let  the  people  go  off.  and  they  came  back 
with  a  radar-invisible  airplatK.  We  had  watebbirds 
galore  [for  the  System/36o],  but  at  the  final  sprint,  I 
shut  them  out. 


You  also  note  Oat  orgaataadoiM  onto  bihaw  woTM 
than  individual  mcffibcn  of  the  group  wooM  on 
thairown.Wliyisthat?  1  don’t  fully  understand  that. 
There’s  something  about  peer-group  pressure  that 
encourages  people  to  cross  bounds  t^  wouldn’t 
cross  by  themselves. 


HOW  can  wa  cab  that  tordoftboMcftendancy? 

1  think  it’s  leadership.  You  train  individuals  to  have 
charaaer  enough  not  to  go  along  with  the  stream. 
And  that  has  to  be  done  at  home  and  in  the  schools. 

Whan  tha  State  of  computer  sdanca  education  hi 
tha  11.$.?  Our  Achilles’  heel  is  elementary  and  middle 
school  preparation.  We  ate  not  getting  as  many 
people  prepared  to  go  into  technology  —  and  well 
prepared  to  go  into  technology  —  as  we  should. 

I  see  some  remarkable  accomplishments  happen¬ 
ing  in  strong  schools.  But  I  see  disaster  happening 
in  many,  many  schools.  I  think  there  are  organiza¬ 
tional  reascHis  why  that’s  true.  I  think  the  teaching 
profession  is  not  paid  and  recognized  as  well  relative 
to  other  professions.  As  a  consequence,  I  don’t  think 
that  many  people  who  two  generations  ago  would 
have  gone  into  teaching  go  into  teaching  anymore. 

1  also  think  that  bureaucratic  requirements  put  on 
teachers  now  hamper  teaching  of  a  lot  of  substance. 


rate  you’re  dheuniug?  He’s  unquestionably  a  great 
designer  in  that  he  has  the  vision  of  what  the  product 
ought  to  be.  [FolarcM  fbutxler]  Ed  Land  was  the  same 
way.  Now,  what  Land  did  and  what  fobs  did  is  gather 
a  team  of  people  with  the  various  skills  to  realize  the 
vision.  Jobs  doesn’t  do  [everything],  but  be  sees  the 
things  to  be  done  and  casts  that  vision  before  a  team 
that  can  realize  it 


What  about  the  root  of  uo?  How  are  wo  fuppoMd  to 

vision  of  what  will  be  useful,  why  it  will  be  useful.  Ed 
Land  said,  in  an  armual  report  bom  Polaroid,  what 


tedwology?  The  critical  place  is  middle  school  We’re 
doing  a  lot  of  things.  Lab  visits  where  people  go  out  and 
talk  to  the  schools.  We’re  doing  science  fairs;  we  bring 


concerned  with  trying  to  get  more  people  interested. 

But  there  are  two  issues:  One  of  them  is  gettir^ 
them  interested,  and  the  other  is  seeing  to  it  that 
they  get  the  mathematics  foundation,  particularly 
in  middle  school.  If  they  didn’t  get  the  algebra  at 
the  right  time,  or  they  got  turned  off  on  science,  the 
trouble  goes  on  and  on. 

-  Interview  Wchatl  FttagwraM,  0  fn 
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\Vs  Human  Energy  Crisis 


Many  of 
the  IT  people 
I  meet  are 
exhausted. 


the  author  of 
The  New  Know: 
Innovation  Powered 
b/ Analytics  and 


of  the  IT  Leadership 
Academy  at  Florida 
State  College  at 
Jacksonville. 


ORD  ASSOCIATION  TIME:  When  I  say  “IT  energy,”  what  do  you 
think  of?  After  everything  that’s  been  written  in  the  past  couple 
of  years  about  green  IT  and  the  amount  of  electricity  that’s 
needed  to  power  data  centers,  you  probably  think  first  about  the 


cost  (rf  our  profligate  energy  consumption. 

That's  a  worthy  concern,  but  I  propose  that  the 
phrase  “IT  energy”  should  make  you  think  instead 
about  something  even  more  important:  the  vital 
human  energy  level  of  IT  leaders,  managers  and 
workers.  An  essential  question  for  all  IT  leaders 
to  ponder  is  whether  their  IT  organization  is 
exothermic  (that  is,  one  that  releases  positive 
energy)  or  endothermic  (one  that  sucks  energy  out 
of  the  enterprise).  Research  being  conducted  at 
the  IT  Leadership  Academy  and  the  CIO  Solutions 
Gallery  at  the  Fisher  CoUe^  of  Business  at  Ohio 
State  University  indicates  that  many  —  indeed, 
most  —  North  American  and  European  compa¬ 
nies  ate  focii^  a  major  human  energy  crisis  in  IT. 

Many  of  the  IT  people  I  meet  ate  exhausted. 
Head  count  is  decreasing,  and  workload  is 
increasing.  User  expectations  and  regulatory 
requirements  are  expanding  exponentially.  A 
study  analyzed  the  impact  of  multitasking  and 
determined  that  most  digitally  aware  people  now 
work  a  43  hours  a  day  (that's  not  a  typo;  it’s  serious 
multitasking).  It  is  very  understandable  that  IT 
people  are  tiled.  And  tired  is  not  a  good  thing  in 
the  hyperaccelerated  world  we  are  beading  into. 

If  we  do  not  do  something,  the  IT  fatigue  factor 
will  get  worse.  An  emerging  trend  is  for  world- 
class  organizations  to  beiKhmadt  IT  not  against 
line-of-si^  competitors  in  the  same  vertical 
iitarket,butagalnst‘bestimaginable“practitio- 
ners.  The  IT  performance  bar  is  being  raised.  The 
question  is,  will  IT  have  the  energy  to  respond? 

Best-selling  author  Malcolm  Gladwell  recently 
took  a  look  at  successful  people  in  all  disciplines. 
He  concluded,  “If  you  k)^  closely  at  CEOs  —  the 
people  at  the  very  upper  echelons  of  corporations 
—  the  thmg  that  is  most  striking  about  them  is 
their  [drysical  Stamina.  At  the  end  of  the  day,  it 


is  that  quality,  perhaps  more  than  anything  else, 
that  is  separating  them  from  us.’ 

Re-eneiT^ngrr 

Next-generation  CIOs  will  have  to  manage  and 
increase  the  human  energy  levels  of  their  teams. 
Just  as  we  meter  devices  to  determine  their  energy 
consumption,  so  too  will  IT  leaders  meter  the  people, 
processes  and  technology  sets  deployed  in  the  en¬ 
terprise  to  determine  impact  on  IT  energy  level. 

Job  I  is  to  take  advant^  of  the  economic 
downturn  and  remove  from  the  enterprise  energy 
vampires  —  people  who  are  always  negative. 

Every  organization  has  them.  One  way  energy 
vaiiqrires  suck  the  energy  out  (rf  others  is  that 
they  are  so  negative,  more  positive  people  expend 
energy  trying  not  to  spend  time  with  them. 

Job  2,  on  the  process  side,  is  to  rationalize  IT 
finances.  A  major  energy  sink  and  morale-buster 
in  many  IT  organizations  is  the  lack  of  a  decent 
IT  accounting  system.  World-class  IT  accounting 
is  very  exothermic.  Knowing  your  costs  and  the 
value  that  IT  generates  for  the  business  releases 
all  kinds  of  positive  energy.  William  Miller,  the 
controller  at  Nationwide  Services  Co.,  has  created 
a  second-to-none  IT  accouming  system.  Diane 
Bryant  and  her  team  at  Intel  armually  publish  a 
report  of  the  value  that  IT  delivers. 

And  Charlie  former  CIO  at  Frito-Lay, 

Delta  Airlines  and  Birrlington  Northern  Santa  Fe 
Railroad  and  author  of  Blind  Spot;  A  Leader’s  Guide 
to  IT-Enabkd  Business  Hunsfannalian,  sees  another 
problem.  He  believes  that  IT  has  beccxne  danger¬ 
ously  overspecialized  Having  to  work  through 

consumes  a  lot  of  energy. 

tal  in  the  rr  department  as  it  is  in  the  data  center. « 


u 


As  an  Information  Technology  leader,  Morgan  Stanley 
recognizes  the  importance  of  innovation  and  excellence 
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SECURITY: 

Oxymoron? 


Here’s  how 
some  early 
adopters 
of  cloud 
computing  are 
approaching 
the  problem. 
By  Elisabeth 
Horwitt 
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For  LOeiQ>  INC.,  the  decision  to  go 
with  a  cloud-based  provider  of  infra¬ 
structure  as  a  service  (laaS)  was  a 
matter  of  cost  and  flexibility. 

A  start-up  that  began  operations  in 
2006,  the  Toronto-based  life  reinsur¬ 
ance  management  firm  could  not 
afford  to  build  and  staff  a  data  center  from  scratch, 
according  to  David  Westgate,  Logiq*  s  vice  president 
of  technology.  So  the  company  instead  chose  cloud 
computing  and  managed  IT  services  provider  Bhie- 
Lock  LLC  to  handle  its  dau  needs. 

BhieLock’s  virtualized  environment  allowed  data 
and  volumes  to  move  between  systems  in  a  dynamic, 
low-cost  way  that  would  be  impossible  with  a  tradi¬ 
tional,  hosted  environment,  Westgate  says. 

There  were,  however,  security  concerns  to  be 
addressed  before  Logk}’ would  entrust  its  critical 
systems  to  BhieLock’s  cloud.  The  company  handles 
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Five  Tips  for  Effective 
Cloud  Security 


■  FMoutumudiasymicaB 

prmMv^MOirityinMSarasaiid 
Mnitnictara.  H  you  plan  to  work 
with  an  Intrastructure-as-a-setvice 
provider,  ask  what  tools  it  uses  to  pro- 
tea  virtual  environments. 


so  no  one  has  free  access  across  all 
security  layers. 


■  OicckwlMMcr  a  vendor  Ins 
teen  accredited  as  nMcam  S«S  70 
Type  2  and  ISO  27001  security 
standards.  If  you're  with  an  Interna¬ 
tional  company,  check  for  European 


A  crucial  first  step  is  for  cloud-based 
service  providers  and  their  potential  clients 
to  sit  down  and  determine  who  will  have 
responsibility  for  securing  and  protecting 
specific  components  of  the  IT  infrastructure, 
which  often  spans  both  companies'  systems. 

Sometimes,  particularly  with  an  laaS  pro¬ 
vider.  the  division  of  labor  is  negotiable.  For 
example.  Westgate  decided  to  let  BlueLock 
handle  Logiq^'s  patching  and  configuration 
management  because  he  was  familiar  with 
the  software  BlueLock  was  using,  a  tool  from 
Shavlik  Technologies  LLC. 

The  division  of  labor  between  Logiq*  and 
BlueLock  actually  strengthened  security, 
because  “no  one  person  or  company  has  all 
the  keys  to  the  kingdom."  says  Westgate. 
Because  BlueLock  manages  the  firewall,  for 
example,  "none  of  my  admins  can  go  in  and 


■  MnynprtipmKlbilltitili*- 


-  ELISABETH  HORWITT 


decide  to  sell  or  move  the  data."  he  notes. 
“And  BlueLock  admins  can't  do  it  either, 
because  they  don't  control  the  systems.” 

. ty  lies  with  the 


death  records,  which  include  personal  information  like  social 
security  numbers,  as  well  as  financial  data  and  information  about 
major  assets  that  its  large  financial  customers  have  on  their  books. 

Although  Logiq’  isn't  regulated  by  the  U.S.  government's  Sarfaanes- 
Oxley  Act.  its  customers  in  the  financial  sector  are.  “so  they'll  be 
auditing  us.”  says  Westgate.  As  a  result.  Lpgiq’  needed  potential 
cloud  vendors  to  demonstrate  that  they  were  in  compliance  with 
applicable  regulations  and  could  provide  high  levels  of  security. 

Logiq*  is  far  from  alone.  While  security  and  compliatKe  issues 
crop  up  in  any  Web-based  outsourcing  arrangement,  businesses 
are  justifiably  concerned  about  putting  everything  in  a  virtual¬ 
ized  cloud.  It's  a  comparatively  new  service  area  where  risks  are 
unknown  —  "which  in  itself  is  a  risk.”  says  Jay  Heiser.  an  analyst 
at  Gartner  Inc.  “If  I  can't  figure  out  how  risky  something  is.  I 


als  like  those  in  the  Cloud  Security  Alliance's  Linkedin  group. 
So  far,  there  have  been  few  instances  of  successful,  large-scale 
data  breaches  on  public  clouds.  Last 


to  set  up  the  Zeus  password-stealing 
botnet  inside  Amazon.com  Inc.'s 
ECz  cloud  computing  infrastructure 
by  first  hacking  into  a  Web  site  that 
was  hosted  on  Amazon  servers. 

In  other  words,  it's  early  days  yet 
in  the  cloud  computing  industry. 
Cloud  vendors  are,  in  some  instanc¬ 
es,  playing  catch  up  on  the  security 
front,  and  IT  managers  are  trying  to 
figure  out  exactly  what  the  risks  are 
and  how  to  counter  them. 


[Cloud  vendors]  may  have 
incredibly  secure  and  robust 
systems,  but  there’s  no 
sensible  way  to  ensure  this. 

JAY  HEISER,  ANALVST.  GARTNER  INC. 


cloud-based  service  provider  largely  depends 
on  the  type  of  service. 

With  an  laaS  setup,  the  customer  is  usually 
responsible  for  protecting  everything  above  the  middleware  and 
APIs,  including  the  applications  and  operating  system,  says  Todd 
Thiemann,  senior  directoi  of  security  vendor  Trend  Micro  Inc.'s 
data  protection  group.  The  terms  of  service  for  Amazon's  laaS 
offering,  for  example,  state  that  the  customer  is  responsible  for 
protecting  the  data  it  puts  into  the  public  cloud,  he  adds. 

In  contrast  to  laaS  arrangements,  in  software-as-a-service 
deals,  the  provider  is  usually  responsible  for  protecting  whatever 
customer  applications  and  data  reside  on  its  cloud.  That  setup 
often  works  well  for  budget-challenged  businesses,  because  it 
gives  them  access  to  advanced  security  technologies  and  re¬ 
sources  that  they  might  not  be  able  to  afford  in-house. 

IBM's  LotusLive  SaaS  offering,  for  example,  uses  “the  same  sUn- 
dards.  security,  compliance  and  governance  we  use  to  run  major 
business  systems  for  some  very  large  and  important  companies,” 
says  Sean  Poulley.  IBM's  vice  president  of  online  collaboration  ” 
services.  LotusLive  data  centers  are  protected  by  physical  and 
biometric  controls,  including  closed-circuit  TV.  Access  control  is 
handled  by  IBM's  enterprise-scale  Tivoli  software. 

However,  many  providers  of 
cloud-based  .services  —  particu¬ 
larly  SaaS  vendors  —  feel  that  their 
security  practices  and  technologies 
give  them  a  competitive  advantage, 
so  they  don't  like  to  talk  about  how 
they  approach  security.  That  means 
companies  have  to  take  the  vendor's 
word  that  its  systems  are  indeed 

“Vendors  have  done  little  to 
accommodate  security  risk  evalua¬ 
tion,”  says  Gartner's  Heiser.  “They 
Continued  on  page  zz 


Attnougn  ujgiq' isni  rcguiarca  Dy  tne  u^.  ^jvciiuucui  >  o<uwuK=r 
Oxley  Act,  its  customers  in  the  financial  sector  are,  “so  they’ll  be 
auditing  us,"  says  Westgate.  As  a  result,  Logiq*  needed  potential 
cloud  vendors  to  demonstrate  that  they  were  in  complianoe  with 
applicable  regulatkms  and  could  provide  high  levels  of  security. 

Logiq’  is  far  from  alone.  While  security  and  compliance  issues 
crop  up  in  any  Web-based  outsourcing  arrangement,  businesses 
are  justifiably  concerned  about  putting  everything  in  a  virtual¬ 
ized  cloud.  It’s  a  comparatively  new  service  area  where  risks  are 
unknown  —  “which  in  itself  is  a  risk,”  says  Jay  Heiser,  an  analyst 
at  Gartner  Inc.  “If  I  can’t  figure  out  how  risky  something  is,  I 
have  to  assume  it  isn’t  secure.” 

The  extent  to  which  backets  can  take  advantage  of  unique 
cloud  vulnerabilities  is  being  hotly  debated  among  IT  pro^ion- 
als  like  those  in  the  Cloud  Security  Alliance’s  Unkedin  group. 

So  far,  there  have  been  few  instances  of  successful,  large-scale 
data  breaches  on  public  clouds.  Last 
winter,  however,  someone  managed 
to  set  up  the  Zeus  password-stealing 


[Cloud  vendoi^  may  have 
incredMy  fMure  and  robust 
systems^  but  ffUM  no 
sensible  way  to  ensure  this. 


ons  and  operatitig  system,  says  Todd 
emann,  senior  director  of  security  vendor  ’Trend  Micro  Inc.’s 
data  protection  group.  The  terms  of  service  for  Amazon’s  laaS 
offering,  for  example,  state  that  the  customer  is  responsible  for 
protecting  the  data  it  puts  into  the  public  cloud,  he  adds. 

In  contrast  to  laaS  arrangements,  in  software-as-a-service 
deals,  the  provider  is  usually  responsible  for  protecting  whatever 
customer  applications  and  dau  reside  on  its  cloud.  That  setup 
often  works  well  for  budget-challenged  businesses,  because  it 
gives  them  access  to  advanced  security  technologies  and  re¬ 
sources  that  they  might  not  be  able  to  afford  in-house. 

IBM’s  LotusUve  SaaS  offering,  for  example,  uses  “the  same  stan¬ 
dards,  security,  comjdiance  and  governance  we  use  to  run  major 

says  Sean  BouUey,  IBM’s  vice  president  of  online  collaboration 
services.  LotusLive  daU  centers  are  prelected  by  physical  and 
biometric  controls,  including  closed-circuit  TV.  Access  control  is 
handled  by  IBM’s  enterprise-scale  Tnoli  software. 

However,  many  providers  of 
cloud-based  services  —  particu¬ 
larly  SaaS  vendors  —  feel  that  their 
security  practices  and  technologies 
give  them  a  competitive  advantage, 
so  they  don’t  like  to  talk  about  how 
they  approach  security.  ’That  means 
Q  limy  hSVG  companies  have  m  take  the  vendor’s 

word  that  its  systems  are  indeed 
secure  and  compliant. 

fninv  no  “vendors  have  done  little  to 
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A  crucial  first  step  is  for  cloud-based 
service  providers  and  their  potential  clients 
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may  have  incredibly  secure  and  robust  systems,  but  there’s  no 
sensible  way  to  ensure  this." 

Security  accrediution  stai^dards  such  as  ISO  27001  and 
SAS  70  lype  2  provide  some  assurance,  he  adds,  noting  that 
"27001  is  more  relevant  to  cloud  tecurity  issues  but  weak  when 
applied  to  new  (arms  of  technok-gy." 

Playing  Nicely  Together 

Many  SaaS  vendors  are  understandably  reluctant  to  have  a  cus¬ 
tomer  insert  third-party  security  products  into  their  proprietary 
platforms,  even  if  it’s  just  an  agent  that  would  permit  a  custom¬ 
er’s  security  system  to  interact  with  theirs. 

For  example,  Pfizer  Inc.  had  outsourced  some  security  services 
to  D3  Security  Management  Systems  Inc.  and  was  interested  in 
using  Oracle  Cocp.’s  Access  Manager  in  Dj’s  incident  management 
applicatioDS.  But  D3  expressed  concerns  about  installing  Oracle 
agents  on  its  systems,  says  Kurt  Anderson,  the  pharmaceutical 
company’s  manager  of  global  operatioos  busing  technology. 

Anderson  sdved  the  problem  by  using  Sytnplified  ItK.’s  Sin^e- 
Point  Cloud  Access  Manager,  which  does  not  use  an  agent  but 
rather  interacts  with  Ds’s  published  APIs,  he  says. 

Since  laaS  customers  technically  own  their  virtualized  slice  of 
a  vendor’s  infrastructure,  they  can  install  security  software  and 
controls.  However,  only  a  few  vendors  provide  products  that  can 
protect  both  private-  and  public-cloud-based  environments. 

One  such  product  is  Trend  Micro’s  Deep  Security  7.  Once  its 
agent  is  installed  in  a  private  or  public  cloud  infrastructure,  it 
can  perform  deep  packet  inspection,  monitor  event  logs  and 
monitor  system  activity,  such  as  file  changes,  for  unauthorized 
actions,  ’Thiemaim  says. 

Shavlik,  a  vendor  that  provides  systems 
management  for  private  cloud  installations, 
tackles  pubUc  cloud  security  from  a  difieient 
angle.  It  licenses  its  patch  and  configuration 
numagement  and  compliance-monitoring 
software  to  cloud-based  service  providers — 
including  its  own  laaS  provider,  says  Mark 
Shavlik,  the  company’s  CEO. 

Cloud-based  service  providers  are  catch¬ 
ing  on  to  the  fact  that  using  an  established 
conunerdal  security  product  can  attract 
customers.  For  Logiq^’s  Westgate,  BhieLock’s 
use  of  Shavlik’s  software  was  a  definite  selling 
point.  "I  am  very  fomiliar  with  Shavlik.  Pve 
been  using  it  for  patch  and  configuration 
management  for  years,"  he  says. 

The  dynamic,  flexible  resource  provisiooing 
that  makes  virtualization  and  cloud  services 

so  attractive  to  cost-challenged  IT  executives 

also  makes  it  difiicult  to  track  where  data  is 

located  at  any  given  time,  and  who  is  access¬ 

ing  it. ’This  is  true  in  private  clouds,  and  even 
more  so  in  public-cloud-based  systems,  where 

access  control  has  to  be  correlated  between 
the  customer  and  the  service  provider  —  and 
often  several  service  providers. 

Pfizer  uses  Symplified’s  Single  Point  Cloud 
Access  Manager  to  provide  single  sign-on 


fuirctionality  across  different  SaaS  providers  and  applications. 
When  an  end  user  moves  between  an  Oracle-  and  a  Symplified- 
managed  domain,  for  example,  be  has  to  log  on  again,  but  he  can 
use  the  same  credentials,  Anderson  says. 

Symphfied  and  Ping  Identity  Corp.  are  two  vendors  that  cur¬ 
rently  provide  single  sign-on  systems  for  both  internal  and  SaaS 
cloud-based  applications,  using  federated  identity  technology  that 
coordinates  user  identity  and  access  management  across  multiple 
systems.  However,  Anderson  feels  that  it’s  up  to  the  SaaS  vendors 
to  adopt  a  mote  holistic  and  starrdardized  form  of  access  manage¬ 
ment  so  the  customer  will  no  longer  have  to  bear  that  burden. 

Another  access  management  concern  when  dealing  with  a 
cloud-based  service  —  or  any  outsourced  service,  for  that  matter 
—  is  how  to  ensure  that  the  service  provider’s  system  administra¬ 
tors  don’t  abuse  their  access  privileges.  Again,  SaaS  customers 
don’t  have  a  lot  of  control  or  oversi^t  regarding  how  the  service 
provider  addresses  that  issue.  laaS  providers,  in  contrast,  will 
often  allow  a  customer  to  install  event  log  monitoring  software 
on  their  virtualized  portion  of  the  infrastructure. 

U)giq^  for  instance,  uses  Sentry  Metrics  Inc’s  security  event 
management  service,  which  monitors  event  logs,  performs  trend 
analysis  and  reports  on  anomalies.  So  the  Sentry  Metrics  system 
could,  for  example,  alert  Logiq’  when  a  BhieLock  administrator 
logs  on  but  hasn’t  been  given  a  specific  job  to  do,  Westgate  says. 

Customer  control  and  monitorit^  of  a  carrier’s  cloud  can  only  go 
so  far,  however,  DO  matter  what  the  type  of  service.  So  bow  do  you 
ensure  that  sensitive  dau  is  adequately  secured  and  protected? 

Service-level  agreements  with  monetary  penalties  drai’t  cut 
it,  says  Pfizer’s  Anderson,  especially  for  a  Fortune  50  company, 
since  "the  small  amount  they  get  back  is  a  pittance"  compared 

Continued  on  page  24 
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Five  Tips  for  Picking 
A  Cloud  IT  Provider 


owhif  characteristics: 


■  CooMritawiittoservice-tevcl 
acrtciiMfHs.Tlmt  a  provider  thal's 
willing  10  negotiate  an  SLA  that  meets 
your  needs.  Make  sure  you  can  live 
with  its  guaranteed  uptime,  and  don't 
pay  for  capacity  you  won't  use.  Learn 
exactly  how  you  will  be  billed. 


There's  no  security  panacea,  but  see 
if  the  vendor  can  tailor  security  to  fit 
the  specific  risks,  size  and  regulatory 


■  Fun  disclosure.  A  trustworthy 
provider  will  promptly  report  any  ma¬ 
jor  security  breaches  and  threats  -  and 
provide  details  about  its  response  plan. 


should  have  the  financial  stamina  to 
keep  your  systems  up  and  running 
for  the  long  haul.  Check  out  its  bal¬ 
ance  sheet,  investors  and  long-term 


with  the  CDSI  of  a  majtrr  security  breach. 

Therefore,  due  diligence  is  critical.  Anderson  says.  Pti/er  uses 
S.AS  70  Type  2  certiHcation,  in  which  an  independetrt  lliird  party 
audits  tlR*  service  providers  inleritai  aird  data  security  controls. 
Anderson  also  verifies  the  vendor's  level  of  compliance  with  Eu-  ■ 
rope's  Safe  liarbtir  privacy  rules,  and  In*  checks  Dun  &  Bradstrtel 
research  to  make  sure  it's  legitinrate. 

The  ISO  27001  security  standard,  for  its  part,  defines  be.st 
practices  for  designing  and  implementing  secure  and  compliant 


specific  requirements,  he  .uids. 

For  e.xample.  after  cheeking  out  BlueLtK'k's  SAS  70  Type  2 
accreditation.  Logiq*'s  IT  staff  did  a  further  evaluation  to  "make 
stiie  the  controls  we  require  are  supported  by  the  controls  they 
have  in  place."  Westgate  says.  His  team  tlien  followed  up  on 
discrep.uK-ies.  identifying  missing  controls  and  working  with  the 
vendor  tin  solutions,  Thectimpany  plans  to  repeat  the  process  at 
least  once  a  year,  he  says. 

The  Daisy  Chain 

Basic  .security  tasks  such  a.s  access  contn)i  and  rights  marugo- 
ment  becimie  ewn  more  complicaied  when,  as  often  happens, 
a  SaaS  provider  outsource.s  its  uiirastruclure  or  deveiopinent 
platform  to  another  cloud-based  service  provider  —  adding  yet 
anotlter  variable  to  the  ecpiation. 

Take  the  case  of  Cloud  CompliaiK'e  Inc.,  which  pnivides  access 


contn>l  monitoring  services  for  private  cloud 
environments.  The  company  entrusted  its 
infrastructure  to  Amazon  hcKause  it’s  the 
most  proven  service  provider,  according  to 
Cloud  Compliance  founder  Rt)bbie  Forkish. 
However,  he  acktiowlcxlge'v  tlial  tlte  arrange¬ 
ment  inlnHtuces  potential  .sc^-iirity  pn^lems. 
“Tliea*  are  certain  areas  where  we.  as  a  con¬ 
sumer  of  their  services,  need  to  fill  in  security 
capabilities  they  lack"  in  order  to  meet  Cloud 
Compliatice's  internal  security  requirements 
and  to  rc*a.ssuie  its  cu.stumers. 

For  example,  tin*  ctmipany  encrypts  data 
in  transit  atid  givt*s  customers  the  option  of 
either  encrypt ingdai.i  at  rest  —  on  Cloud 
Complianev's  Amdz<m-l)osled  servers  —  or 
not  putting  an>  data  in  the  cloud. 

Tfie  latter  option  iiwoives  a  perh)rmam'e 
hit.  since  aistotners  have  to  reupload  data  into 
the  cloud  every  time  an  application  is  run,  but 

for  A  higher  level  (»f  scrurity.  Forkish  notes. 

Cloud  C<mjj?liarKe’se\ternal  customers  do 
ask  alxMtt  Amazon's  security.  F«»rkish  says.  The 
'H  BETTS  concerns  tlKTraistschange  from  numth  to 

nwHith.  dejX'ndingon  wfiat  vulnerabilities  the 
pri*ss  has  been  writing  .ilxiut.  he  adds.  Clmid 
Compliaiwe  will  eit lu*r  aildress  their  concerns 
iw.  if  it  can't,  pass  iliem  on  to  Amazon. 

■'In  some  cases,  we  don't  gel  a  res(K»nse.  and  we  rtgure  this  is 
■  a  real  issue  but  they're  working  on  it,"  Forkish  says.  But  the  Zeus 
Iwtnet  incident  on  Amazon,  he  says,  'as  tar  as  we  can  tell,  was 
not  a  threat  over  and  above  what  we  would  expect  ftiran  Internet 
service,  cloud-baseil  or  tioi. " 

Compliance  Challenges 

Public  clouds  add  a  w  lK>Ie  new  si't  of  issues  to  regulatory  compli¬ 
ance  —  issues  that  providers,  tisers  and  regtiUtors  themselves  are 
just  starting  tc^  l<K)k  at.  HIPAA  .nul  Sarbanes-Oxley  privacy  and 
data-retemion  rt*quirements  weren't  designed  with  cloud-based 


"IT  staffs  hove  to  figure  out  new  ways  ti>  analyze  and  assess 
risk,  and  how  to  meet  compliance  ret{uin‘ments.  Forkish  mrtes. 
'Many  compliance  standards  require  being  able  to  point  to  where 
data  is.  which  is  impossible  with  a  cloud.  And  there's  legal  dis- 


done  by  a  third  party  w  ithout  your  knowledge  becau.se  it  resides 
<Hi  cI(Hid  .storage?  These  are  examples  4»f  tilings  I  think  will  be 
Wiirked  out  over  the  next  cmiple  of  years." 

Ill  the  meantime.  Forkish  suggests,  many  businesses,  espe- 

sensitive  data  to  private  ckwids  or  traditional  managed  services 
"And  maintain  the  .status  quo.'* 

And  then  there  are  t  he  pioneers,  like  Logiq^'s  Westgate.  who 
.say  s  he  .secs  cloud  computing  as  "a  natural  evtiluiion  of  how  we 
are  managing  systems."  The  key  question  about  this  evolution,  he 
says,  "is  not  why.  but  why  not? "  ♦ 

Horwitt  I'  (I  /nr/amc  n^xirfer  umi  fortiwr  Computerwiirld  .senior 
vdijnr  In  Uiihan.  .Vlu.<.v  CMifucf  lier  uf  chiincirf(ii'irri:o«.Mer. 
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with  the  cost  of  a  major  security  breach. 

Theiefbte,  due  diligence  is  critical,  Anderson  says.  PBzer  uses 
SAS  70  Type  2  certification,  in  which  an  independent  third  party 
audits  the  service  provider's  internal  and  data  security  controls. 
Anderson  also  verifies  the  vendor’s  level  of  compliance  with  Eu¬ 
rope’s  Safe  Harbor  privacy  rules,  and  be  checks  Dun  &  Bradstreet 
research  to  make  sure  it’s  legitimate. 

The  ISO  27001  security  standard,  fix  its  part,  defines  best 
practices  fi>r  designing  and  implementii^  secure  and  compliant 
IT  systems. 

While  such  standards  provide  a  useful  starting  point,  their 
criteria  tend  to  be  generic,  says  Gartner’s  Heiser.  Ormpanies 
still  need  to  match  a  service  provider’s  specific  controls  to  their 
specific  requirements,  he  ad^ 

For  example,  after  checking  out  BhieLock’s  SAS  70  Type  2 
accreditation,  Logiq^’s  IT  staff  did  a  further  evaluation  to  'make 
sure  the  controls  we  require  ate  supported  by  the  controls  they 
have  in  place,"  Westgate  says.  His  team  then  followed  up  on 
discrepancies,  identifying  missing  controls  and  working  with  the 


on  sdutkons.  The  company  plans  to  repeat  the  process  at 


The  Daisy  Chain 

Bask  security  tasks  such  as  access  control  and  rights  manage¬ 
ment  become  even  more  complicated  when,  as  often  happens, 
a  SaaS  provider  outsources  its  infrastructure  or  developmem 
platform  to  another  cloud-based  service  provider  —  adding  yet 
another  variable  to  the  equation. 

Take  the  case  of  Cloud  Compliance  Inc.,  which  provides  access 


“In  some  cases,  we  don’t  get  a  response,  and  we  figure  this  is 
a  real  issue  but  they’re  working  on  it,"  Forkish  says.  But  the  Zeus 
botnet  incident  on  Amazon,  be  says,  “as  fer  as  we  can  tell,  was 
not  a  threat  over  and  above  what  we  would  expect  fi)r  an  Internet 
service,  cloudfiased  or  not." 

Compiiance  Chailenges 

Public  clouds  add  a  whole  new  set  of  issues  to  regulatory  compli¬ 
ance  —  issues  that  providers,  users  and  regulators  themselves  are 
just  starting  to  look  at.  HIPAA  and  Sarbanes-Oxley  privacy  and 
data-retention  requirements  weren’t  designed  with  cloud-based 
services  in  mind. 

“IT  staffs  have  to  figure  out  new  ways  to  analyze  and  assess 
risk,  and  bow  to  meet  compliaiKe  requirements,"  Forkish  notes. 
“Many  com{diance  standards  requite  being  able  to  point  to  where 
data  is,  whkh  is  impossible  with  a  cloud.  And  there’s  legal  dis¬ 
covery  —  getting  access  to  dau  when  requited.  Can  discovery  be 
done  by  a  third  patty  without  your  knowledge  because  it  resides 
on  cloud  storage?  These  are  examples  of  things  I  think  will  be 
worked  out  over  the  next  couple  of  years." 

In  the  meantime,  Forkish  suggests,  many  businesses,  espe¬ 
cially  those  in  highly  regulated  industries,  will  entrust  their 
sensitive  data  to  private  clouds  or  traditional  managed  services 
“and  maintain  the  status  rpio." 

And  then  there  are  the  pioneers,  like  Logiq’’s  Westgate,  who 
says  he  sees  cloud  computing  as  “a  natural  evolution  of  how  we 

says,  “is  not  why.  but  why  not?"  ♦ 

Harwitt  is  a  freelance  reporter  ond  former  Computerwotkl  senior 
editor  based  in  Wobon.  Mass.  Cbnloct  her  al  ehoruiitt@verizon.net. 
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Growth  is  in. 

Cost  savings  is  in. 
Efficiency  is  in. 

Ketley  Blue  Book  is  in. 


Microsoft's  cloud  services  are  helping  some  of 
the  world's  leading  companies  succeM.  We're  | 


Snap  this  tag  to  get  the  latest  news 
I  on  Microsoft's  doud  services, 
i  Get  the  free  app  for  your  phone  at 


Learn  more  at  mkrosof 


Data  Center  Density  ^ 


WHY  THE 
ERA  OF 
PACKING 
MORE 
SERVERS 
INTO  THE 
SAME 
SPACE 
MAY  HAVE 
TO  END. 

BY  ROBERT  L 
MITCHELL 


Energy-Saving  Tips 
For  the  Data  Center 

RetrKhvours«rv«rs.l,i'hneviBenM,iii.,'i  -  ,i'  ■■ 
-Ae'aOeCentpriji  k  ti,i,.,N,„;LigM&Mag'c!-ii:  ;  ■  ' 

Charge  users  for  power,  not  just  space.  < i  ik  i  o  .  i  i  h  rr  i 

use  hot  aisle/cold  aisle  designs. n  :t  i;  i  ,  .  ;  ; . 

Look  for  the  most  efficiently  designed  servers.  ■  '  .V  i  . 


Consider  cold-aisle  containment. 


use  variable-speed  fans. 


Turn  on  power  management.  M 


Douse  hot  spots  with  closely  coupled  cooling. 


Retrofit  for  efficiency. 


Install  temperature  monitors. 


Turn  up  the  heat. 


Energy-Saving  Tips 
For  the  Data  center 


DATA  CENTERS 

says  Roger  Schmidt,  an  IBM  fellow  and  chief  engineer  for  daU 
center  efficiency.  “You’re  hitting  the  etrtteme  at  30  kW.  It  would 
he  a  struggle  to  go  a  whole  lot  further,"  he  says. 

Is  This  Sustainable? 

The  question  is,  what  happens  next?  “In  the  future,  are  watts 
going  up  so  high  that  clients  can’t  put  that  bo*  anywhere  in  their 
data  centers  and  c(^  with  the  power  and  cooling?  We’re  wrestling 


with  that  now,"  Schmklt  says.  Hig^-density  computing  heyond 
30  kW  will  haw  to  rely  on  water-based  cooling,  he  says.  But  other 
experts  say  that  data  center  economics  may  make  it  cheaper  for 


the  cost  per  cote  has  dropped  by  7<J%,  to  $715. 

But  ciatk  wottders  whether  continually  doubling  compute 
density  is  sustainable.  “If  you  double  the  density  on  our  current 
infrastructure,  from  a  cooling  petspectiw,  it’s  gcMt^  to  be  dif¬ 
ficult  to  manage,”  he  says. 

He’s  not  the  only  one  who’s  concerned.  For  mme  than  40 
years,  the  compirter  ittdustry’s  business  model  has  been  buik  on 
the  assumption  that  Moore’s  Law  will  prevail  and  that  compute 
density  will  double  ewry  two  years  in  perpetuity.  Ntrw  some  en¬ 
gineers  and  data  center  designers  question  whether  that’s  feasible 
—  arxl  whether  a  threshold  has  been  reached. 

The  threshold  isn’t  just  about  whether  chip  makers  can  over¬ 
come  the  technical  challenges  of  packing  transistors  even  more 
densely,  but  whether  it  will  be  ecotumical  to  tun  large  nurttbecs 
of  extremely  high  density  server  racks  in  modem  data  centers. 

’The  newest  equipment  concentrates  mote  power  into  a  smaller 
footprint  on  the  raiwd  floor,  but  the  infrastructure  needed  to 
support  every  square  foot  of  high-density  compute  space  — 
including  cooling  systems,  power  distribution  equipment,  UPSs 
and  generators  —  is  getting  proportionally  largH-. 

Data  center  managers  are  tal^  notice.  In  a  arxrq  IDC  survey 
of  1,000  IT  sites,  21%  of  the  respondents  ranked  power  and 
cooling  as  the  No.  1  rlata  center  challenge.  Nearly  half  (43%) 

had  experienced  server  downtime  as  a  direct  result  of  power  attd 

GuistianBeladyistheleadinfiastructureaichitectinMiciD- 
soft  Cotp.’s  Global  Fbundatioo  Services  group,  which  designed 
and  operates  the  comparry’s  newest  data  center  in  Quincy,  Wash. 

He  says  the  cost  ptr  square  foot  of  a  raised  floor  is  too  high.  In  the 
Quincy  data  center,  he  says,  infiastructure  costs  accounted  for  82% 
of  the  total  project.  “We’re  beyond  the  point  where  mote  density 
is  better,"  Belady  says.  “The  minute  you  double  compute  density, 
you  double  the  footprint  in  the  back  room." 

As  compute  density  per  square  foot  irrcieases,  overall  electro- 
mechanic^  costs  tend  to  stay  about  the  same,  Gross  says.  But 
becausepowerdensityalsoincteases,thetatioofelectiomechan- 
ical  floor  space  needed  to  support  a  square  foot  of  high-density 
compute  Boor  space  also  goes  up. 

IBM’s  Schmidt  says  the  cost  per  watt,  not  the  cost  per  scpiare 

Continued  on  page  30 


The  Pros  and  Cons 
Of  Hot  Data  Centers 


pvtfnanAnvini««acnliV«Hli.Hastrrnianufacturenin- 
arase  fan  speeds  for  serven  and  other  cquipniem  as  tcniperalures  exceed 
about  77  degrees  Fahrenheit  to  keep  the  processor  and  other  component 
leinperatiites  constant,  says  IBM  teiloi*  Roger  SchinIdL  At  temperatures 
above  77  degrees,  the  speed  of  fans  in  most  servers  sold  today  increases 
significantly  and  processors  suffer  higher  cutrent  leakage 


peralure  to  81.  but  going  higher  presents  chalenges  to  systems  and  compo¬ 
nent  designers.  Could  equiprnene  be  desipied  to  operate  at  higher  ternpera- 
tures?  PossUy.  Schmidt  says. 'laanulactuters  <*■  have  to  cotne  together  as 
a  group  to  deterinine  vfhether  yre  shoukl  recommend  a  higher  knit  that  viW. 
in  fact,  save  energy  at  the  data  center  level.' 

Tom  Bradicfch.  an  IBM  vice  president,  says  lhal  wllh  all  of  the  dMerent 
equipnient  hi  a  data  center,  getting  the  faclRy  optimized  kor  81  degrees  is 
difficulL  Even  gettii«  the  cornponents  in  the  boaes  MM  buHs  to  meet  the 
currerespeccanbeachalenge.'Wt^eiotliinginawottdviherevreinle- 
gratt  a  lot  of  Ihird-pvty  components.’ Bradicich  says. 'At  the  end  of  the  day. 
IBM  doesnT  male  the  microptocessor  and  other  cornponents.' 

DytMi  Larson,  direcior  of  data  center  technology  initialives  at  Intel  Corp. 
INnks  the  day  when  everything  hr  a  data  center  can  run  safely  at  81  depees 
is  sM  a  long  way  oft  Thcres  a  reaaNRy  oontern  people  haw  eihen  it 
comes  U  running  data  centers  at  htfier  ternperalutes.' he  contends. 'IM 
the  Mustry  says,  hllle'ic  going  ID  warranty  these  things  hr  tempera¬ 

tures.' vieYe  not  going  to  get  there.' 

-  ROBERT  L.  MITCHELL 
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The  1&1  server  totally  configurable  to  your  needs: 

DYNAMIC 
CLOUD  SERVER 


OFFER  ENDS  JUNE  30,  2010: 

3  MOIUTHS  FREE* 


A  powerful  virtual  server  environment 
with  full  root  access.  Adjust  the 
processor  core,  RAM,  and/or  hard 
disk  space  to  fit  your  needs.  With 
the  Dynamic  Cloud  Server,  you  can 
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Continued /nxn  page  30 
servers  are  already  exceeding  25  kW  per 
rack.  IT  has  spent  the  past  five  years  tight¬ 
ening  up  racks,  cleaning  out  raised  fioor 
spaces  and  optimizing  airfiows.  The  low- 
hanging  fiuit  is  gone  in  terms  of  energy 
efficiency  gains.  If  densities  continue  to 
rise,  conuinment  will  be  the  last  gasp  for 
computer-room  air  cooling. 

Time  for  Liquid  Cooiing? 

Some  data  centers  have  already  begun  to 
move  to  liquid  cooling  to  address  high- 
density  hot  spots.  The  most  common 
technique,  called  closely  coupled  cooling, 
involves  piping  chilled  liquid,  usually 
water  or  gl^,  into  the  middle  of  the 
raised  fioor  space  to  supply  air-to-water 
heat  exchangers  within  a  row  or  rack.  Kumar 
estimates  that  20%  of  Gartner's  corporate 
clients  use  this  type  of  liquid  coolir^  for  at  least 
some  high-density  tacks. 

IBM's  Schmidt  says  data  centers  with 
room-based  cooling  —  especially  those  that 
have  moved  to  larger  air  handlers  to  cope  with 
higher  heat  densities  —  could  save  considerable 
energy  by  moving  to  liquid  cooling. 

But  Microsoft's  Beiady  thinks  liquid's  appeal 
will  be  limited  to  a  single  niche:  hi^-perfamance  compiting 
•Dnce  you  bring  liquid  cooling  to  the  chip,  costs  start  going  up,"  he 
contends.  “Sooner  or  later,  someone  is  going  to  ask  the  question: 
Why  am  I  paying  so  much  naore  for  this  approach?” 

Tbe  best  way  to  take  the  momentum  away  from  ever-increasing 
power  density  is  to  change  the  chargeback  method  fix' dau  center 
use,  says  Bel^.  Microsofi  changed  its  cost  allocation  strategy 
and  started  billing  users  based  on  power  consumption  as  a  portion 
of  the  total  power  footprint  of  the  daU  center,  rather  than  basing 
it  on  fioor  space  and  tack  utilization.  After  that,  he  says,  "the 
whole  discussion  changed  overnight."  Power  consumption  per 
rack  started  to  dip.  “The  whole  density  thing  gets  less  interesting 
when  your  costs  are  allocated  based  on  power  consumed,"  he  says. 

Once  Microsoft  began  charging  for  power,  its  users'  locus 
changed  from  getting  the  most  processing  power  in  the  smallest 
possible  space  to  getting  the  most  perfixmance  per  watt  That 
may  or  may  not  lead  to  higher-density  choices  —  it  depends  on 
the  overall  energy  efficiency  of  the  proposed  solutions.  On  the 
other  hand,  Bela^  says,  “if  you're  charging  for  space,  the  motiva¬ 
tion  is  100%  about  density.” 

Today,  vendors  design  for  the  highest  density,  and  users  are 
often  willing  to  pay  mote  fix  a  higher-density  server  infrastruc¬ 
ture  to  save  on  fioor  space  charges,  even  when  performance  per 
watt  is  lower  because  of  added  power  distribution  and  cooling 
needs.  But  on  the  back  end,  80%  of  operating  costs  scale  with 
electricity  use  —  arxl  the  electromechanical  infrastructure 
needed  to  deliver  power  and  cool  the  equipment. 

Beiady,  who  previously  worked  on  server  des^  as  a  distin¬ 
guished  engineer  at  HP,  argues  that  IT  equipment  should  be  de- 

equipment  is  designed  to  operate  at  a  maximum  temperature  of 


81  degrees.  That's  up  from  2004,  when  the 
official  specification,  set  by  the  ASHRAE 
(American  Society  of  Heating,  Refriger¬ 
ating  and  Air-Conditioning  Engineers) 
Technical  Committee  9.9,  was  72  degrees. 

But  Beiady  says  rutming  data  center 
gear  even  hotter  than  81  degrees  could 
result  in  etKxmous  efficiency  gains. 

“Once  you  start  going  to  highs' tem¬ 
peratures,  you  open  up  new  opportunities 
to  use  outside  air  and  you  can  eliminate 
a  lot  of  the  chillers,  but  you  can't  go  as 
dense,"  be  says.  Dau  centers  in  some  parts 
of  the  courrtry  already  turn  off  (diillers  in 
the  winter  and  use  economizers,  which 
use  outside  air  arxl  air-to-air  or  air-to-wats 
heat  exchangers  to  provide  “free  cooling." 

If  IT  equipment  could  operate  at  95 
degrees,  most  daU  centers  in  the  US.  could  be 
cooled  with  air-side  economizers  almost  year- 
round,  Beiady  argues.  And,  he  adds,  “if  I  could 
operate  at  120  degrees,  I  could  run  anywhere 
in  the  world  with  no  air  ccxiditioning  require¬ 
ments.  That  would  completely  change  the 
game."  Unfortunately,  there  are  a  few  road¬ 
blocks  to  getting  there.  (See  story  on  page  30.) 

Beiady  wants  equipment  to  be  tougher,  but 
he  also  thinks  servers  are  more  resilient  than 
most  administrators  realize.  He  believes  that  the  industry  needs 
to  rethink  the  highly  controlled  environments  that  h(»t  distrib¬ 
uted  computing  systems  today. 

The  ideal  strategy,  Beiady  says,  is  to  develop  systems  that  op¬ 
timize  each  rack  for  a  specific  power  density  arrd  manage  work¬ 
loads  to  ensure  that  each  cabinet  hits  that  number  all  the  time. 

In  this  way.  both  power  and  cooling  resources  would  be  used 
efficiently,  with  no  waste  from  under-  or  overutilization.  “If  you 
don't  utilize  your  infrastructure,  that's  actually  a  bigger  problem 
frcxn  a  sustainability  standpoim  than  overutilization,"  he  says. 

What'S  Next 

Belarly  sees  a  bifurcation  coming  in  the  market.  Higb-perfixmatKe 
computing  will  go  to  liquid  cooling,  while  the  test  of  the  enter¬ 
prise  dau  center  —  and  Interrret-based  data  centers  like 
Microsoft's  —  will  suy  with  air  but  move  to  locations  where 
space  and  power  costs  ate  cheaper  so  they  can  scale  out 

Paul  Prince,  chief  technology  officer  of  the  enterprise  product 
group  at  Dell  Inc.,  doesn't  think  most  dau  centers  will  hit  the 
power-density  wall  anytime  soon.  The  average  power  density  per 
rack  is  still  manageable  with  room  air,  and  he  says  hot  aisle/cold 
aisle  designs  and  containment  systems  that  create  "superaggres- 
sive  cooling  zones"  will  help  dau  centers  keep  up.  Yes,  densities 
will  contirrue  their  gudual  upward  arc.  But,  he  says,  it  will  be 
incremental.  “I  don't  see  it  felling  off  a  clifi^” 

At  ILM,  Clark  sees  a  move  to  liquid,  in  the  form  of  closely 
coupled  cooling,  as  inevttable.  Cla^  arlmits  that  he  and  most  of 
his  peers  ate  uncomfortable  with  the  idea  of  bringing  liquid  into 
dau  centers.  But  he  thinks  that  high-performance  fecilities  will 
have  to  adapt.  “Wete  going  to  get  pushed  out  of  our  comfort  zone," 
Clark  says.  “But  we're  going  to  get  over  that  pretty  quickly."  ♦ 


We^  beyond  the 
point  where  more 
density  is  better.  The 
minute  you  double 
compute  densityy  you 
double  the  footprint 
in  the  back  room. 

CHRISTIAN  BELADYy 
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The  latest  1&1  server  solution  for  high  performance  needs: 

HEXA-CORE 

TECHNOLOGY 


MEW! 


The  ultimate  in  server  technology,  our  powerful  new  hardware 
class  is  the  perfect  solution  for  running  your  resource-intensive 
applications. 


Flash  Memory 

Get  up  to  speed  on  the  storage 
technology  inside  memory  cards, 
smartphones,  USB  sticks  and  the  new 
solid-state  drives.  By  Russell  Kay 


ing  systems;  it’s  also  used  in  computers  for  the  BIOS 
program  that  runs  at  start-up. 

HAND  flash  reads  and  writes  sequentially  at  high  speed, 
handling  data  in  small  blocks  called  pages.  This  flash  is 
used  in  solid-state  and  USB  flash  dri^  digital  cameras, 
audio  and  video  players,  atKl  TV  set-top  boxes.  NAND 

pages  of  data.  Less  expensive  than  NOR  flash,  NAND 
technology  ofiiers  higto  capacity  Cn- the  samesize  silicon. 

As  a  NAND  chip  wears  out,  erase/program  opera¬ 
tions  slow  down  considerably,  causing  more  retries  and 
bad  Mock  remapping.  Moving  many  small  files  could 
further  degrade  transfer  rates.  Catastrophic  failure 
happens  only  with  extended  use  (after  thousands  of 
writes  and  accesses):  periodic  backup  and  replacement 
forestall  this  problem. 

Flash  Applications 

USB  drivtt:  Introduced  in  2002,  USB  drives  encapsu¬ 
late  flash  with  a  memory  controller  in  a  small  package 
ofering  high  capacity,  ^  transfer  rates,  flexibility  and 
convenience;  some  feature  built-in  hardware  encryp¬ 
tion  and  password  protection.  Compared  with  flt^rpy 
or  optical  drives,  USB  flash  drives  store  more  data  and 
prxmde  easy  file  transfer  between  most  devices  with  a 
USB  interfcice. 

In  December  2004,  Computerworld  described  a  2GB 
flash  drive  that  cost  more  than  $400;  nowadays,  2GB 
devices  can  commonly  be  found  fer  under  $10.  This 
February,  Kingston  Technology  Corp.  announced  U.S. 
availability  of  a  2s6GB  flash  drive  —  the  biggest  yet — 
for  $1,100. 

■Mmorycanls:  These  have  evolved  from  the  match- 
book-size  CompactFlash  cards  introduced  in  1994 
throu^  200T5  postage-stamp-size  Secure  Digital  cards 
to  the  latest  miniSD  and  miooSD  cards,  with  higher 
capacities  and  faster  transfer  speeds  at  every  step. 

SoNd-statc  drives  The  newest  flash  memory  applica¬ 
tion,  SSDs  can  replace  a  computer's  hard  drive.  T^ 
have  no  moving  parts,  so  mechanical  feihire  is  near 
zero.  Solid-state  drives  are  quieter  and  smaller  than 
hard  drives,  and  they  provide  fester  response,  access  and 
boot-up  times  but  consume  much  less  power  and 
run  cooler.  Traditional  hard  drives  currently  oBer 
greater  capacity  and  a  fower  price,  hut  this  will  likely 
change.  Early  concerns  that  flash 
memory’s  finite  number  of  erase/ 
write  cycles  would  be  a  problem 
ire  abating  as  warranties  for 
flash-based  SSDs  approach 
those  of  hard  drives.  • 


mmgi 


eXaudios  developed  capabilities  to  understand  people's  emotions  through  their  voice 
in  real  time  as  they  speak.  Launching  at  DEMO,  this  revolutionary  new  product  is  designed 
for  call  centers  and  can  mitigate  escalations,  identify  fraudulent  situations,  provide  'howto' 
recommendations,  and  monitor  performance  by  management. 

Watch  their  award-winning  product  launch  at: 

www.demo.com/ event/ demospri  ng20 1 0/ winner 


www.exaudios.com  exaudios 


DEMO 


Up  Next:  DEMO  Fall,  2010-  September  13-15,  Hyatt  Regency  Silicon  Valley. 
For  complete  information  and  to  register,  go  to  www.demo.com 


CSO  DEMO  infcXMorid  Macworld  ktwmmu  IJHVfflPJ 
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T  Manager’s  -i 

Journal 

It  All  Comes  Down  to  Patching 


Trovible 

Ticket 


XIS  i^reed  that  we 
would  keep  on  top  of  the  security  patches 
for  the  images  used  to  deploy  new  virtual 
servers.  At  6rst  that  process  was  followed, 
but  it’s  very  easy  to  bypass  the  formal 
change-contnd  process  when  deploying 

I  as  time  went  by,  I  started  | 
ne  virtual  servers  didn’t 


But  we  could  institute  so 
sating  controls.  I  told  the  IT  department 
to  identify  the  IP  addresses  or 
names  of  PCs  that  weren't  patched  prop¬ 
erly  and  add  them  to  watch  lists  for  our 
intrusionKletection  sensors  to  monitor. 
And  because  we  don’t  have  full  IDS  cov¬ 
erage,  1  also  radeted  the  installation  of  a 

also  talking  to  our  network  team  about 
creating  a  separate  quarantine  virtual 
LAN  with  appropriate  firewall  rules  to 
protect  out  main  co 
ment  from  attacks  targeting  vulnerable 


GettheNAC 

But  even  with  these  new  policies  in 
place,  along  with  out  Web  content 
filtering,  firewalls  and  network  monitor¬ 
ing  infrastructure,  we  still  have  a  big 
problem:  We  have  no  control  over  the 
connection  of  unauthorized  devices  to 
our  netwmk.  Artyone  at  all  can  connect 
any  sort  of  device  to  out  network  —  and 
then  introduce  mahvaie  or  steal  intel¬ 
lectual  property. 

My  great  hope  is  that  we  can  imple¬ 
ment  network  access  control  some^y 
soon.  NAC  would  enable  us  to  guaran¬ 
tee  the  configuration  of  any  device  that 
attempted  to  connect  to  our  network 
(preadmission  NAC).  It  would  also 
■  ■  ‘  the  identity  of  the  user  of  that 
and  contrrd  which  resources 
that  device  could  access  (postadmission 
NAC).  NAC  is  on  my  toad  map,  but  un¬ 
fortunately,  there’s  no  funding  available 
at  this  time.  For  now,  it  is  the  Nirvana  I 

This  week’s /oumnl  is  written  a  real 
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OPINION 


Call  Center  Overuse  Is  a 
Hidden  Price  of  Cost-Cutting 


Think  twice 
before  you 
cut  your 
product 
documen¬ 
tation  and 
training 


ET’S  TALK  ABOUT  false  economy  —  in  particular,  the  false  economy 
of  cutting  or  eliminating  product  documentation  and  training  bud¬ 
gets.  When  times  are  hard  and  budgets  have  to  be  slashed,  the  line 
■  items  for  documentation  and  training  can  look  like  fat,  easy  targets. 
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Yet  cuts  in  those  areas  actually  increase  internal 
costs,  and  they  can  frustrate  external  customers 
in  ways  that  are  expensive  for  the  company. 

Internally,  cutting  off  the  source  of  information 
forces  staff  to  learn  new  systems  through  trial  and 
error,  or  by  asking  colleagues.  This  wastes  every¬ 
one’s  time  and  causes  uimecessary  frustration. 

Less  obvious  ate  the  effects  that  result  from 
your  external  customers'  encounters  with  your 
documentation  and  training  cuts.  Your  customers 
ate  accustomed  to  user-friendly  products  like  the 
iPod,  which  is  so  intuitive  that  training  and  docu¬ 
mentation  ate  virtually  unnecessary.  Faced  with  a 
complex  product  that  requires  technical  assisUnce, 
customers  expect  easy-to-locate  educational  videos 
on  the  Web,  supported  by  additional  product  in¬ 
formation.  Take  all  that  away,  and  frustrated  cus¬ 
tomers  are  likely  to  call  inst^,  looking  to  speak 
directly  with  someone  at  your  company.  Some  ate 
sure  to  look  into  competitors’ products  if  they  feel 
that  you're  not  providing  teasonahle  support. 

A  few  thousrmd  frustrated  customers  can  have  a 
big  impact  on  your  call  center,  leading  to  problems 
like  these; 

■  Hlflicrcall  volumes.  Call  centers  are 
designed  to  handle  large  numbers  of  routine  ques¬ 
tions,  not  general  product  education.  And  calls  for 
information  that  should  exist  elsewhere  increase 
call  center  vohimes  to  unpredictable  levels. 

■  Impiopcr  call  haiMUtag.  Call  center  staffers 
are  trained  to  respond  to  specific  types  of  problems, 
following  an  established  set  of  diagriostic  questions 
to  ensure  that  those  problems  are  addressed  prop¬ 
erly  and  efficiently.  Calls  for  which  there  are  no 


prepared  responses  can  fluster  staffs,  and  callers 
may  receive  inaccurate  information,  be  passed  from 
person  to  person  or,  worst  of  all,  never  obtain  the 
information  they  were  seeking. 

■  Inaccurate  metrics.  Most  call  centers 
measure  such  thirigs  as  wait  time,  talk  time  arxl 
call  abandon  rate.  Those  metrics  will  be  distorted 
for  a  call  center  deluged  with  questions  that  suff¬ 
ers  weren’t  trained  to  handle.  The  simple  act  of 
transferring  a  call  in  the  hope  of  finding  someone 
who  can  answer  a  question  can  greatly  prolong  the 
call.  And  if  you  know  that  your  call  center  is  getting 
hit  with  more  information-sedung  calls  arul  yet 
call  times  haven’t  increased  very  rmich,  it  could 
he  a  sign  that  things  ate  even  worse;  If  call  center 
compensation  is  directly  linked  to  talk  time,  some 
stairs  mi^t  be  dropping  difficult  calls  or  invent¬ 
ing  answers  just  to  cloU  calls  quickly.  That's  likely 
to  turn  frustrated  customers  into  angry  ones. 

■  liMffldcnt  us*  of  costlvrefeurcts.  Whereas 

sistent  information  for  a  finite  cost,  call  centers 
are  one  of  the  least  efficient  ways  to  help  people 
learn  to  use  a  product.  What’s  more,  accuracy  of 
information  is  dependent  on  the  knowler^  level 
of  the  particular  person  answering  the  call.  And 
inaccurate  information  may  result  in  repeat  calls. 

u  Unhappy  customers.  Customer  frustration 
often  results  in  customer  loss.  Enough  said. 

training  merely  shift  costs  to  another  department. 
Marragers  have  been  trained  to  calculate  TCO  Ibr  IT 
products.  They  need  to  similatly  calculate  the  TCS 
—  total  cost  of  support  —  ft*  their  own  products.  ♦ 


^^top  with  spider 

Network  with  spider 

publish  (tor  portab'""’""  I 

Web  with  spider  I 

Engine  for  Linux 

Engine  for  Win 


«  25-t-  full-text  and  fielded  data  search  options 
«  Buih-in  file  parsers  and  converters  highlight  hits  in  popular  file  types 
♦  Spider  supports  static  and  dynamic  web  data;  highlights  hits  with 
links,  formatting  and  images  intact 
«  API  supports  C++.  .NET,  Java,  SQU  etc  .NET  Spider  API. 

Includes  64-bit  (Win/Linux) 

«  Fully-functional  evaluations  available 

ontentjextraction.onlyJicenses,3lso.^yailable4— 


‘Bottom  line:  dtSearch  manages  a  terabyte  of  text  in  a  single  index 
and  returns  r^ults  in  less  than  a  second'  —  InfoWorld 

dtSearch  “covers  all  data  sources ...  powerful  Web-based  engines' 
—  eWEEK 

'Lightning  fast ...  performance  was  unmatched  by  any  other  product' 
—  Redmond  Magazine 

For  hundreds  more  reviews,  and  hundreds  of  developer 
case  studies,  see  www.dtSearch.com 

1-800-IT-FINDS  •  www.dtSearch.com 


pick  the  topics, 
pick  the  sources, 
pick  the  frequency. 
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What  have  you  been  finding?  Ouarter-byquarter  skills  volatility  has 
been  in  the  29%  to  39%  range  in  the  past  year  and  a  half.  From  2005  to 
2008.  it  averaged  only  half  of  that.  This  index  has  been  swinging  back 
and  forth  by  as  much  as  10  points  over  periods  as  short  as  three  months, 
which  is  unprecedented.  As  for  the  market  values  themselves,  noncerti- 
lied  skills  have  shown  overall  gains  in  two  straight  quarters,  while  aver¬ 
age  certification  pay  has  been  on  a  steady  decline  for  lour  years  straight. 
But  as  you  dig  deeper  into  each  skill  category,  consistency  is  very  hard 
to  find.  The  truth  is  that  IT  employment  and  salaries  have  been  stabilia- 
ing.  but  pay  and  demand  for  specific  skills  and  specialized  talent  remain 
highly  volatile  and  unpredictable.  There  are  clearly  other  factors  than  the 
recession  at  work  here. 

Like  what,  for  Instance?  An  almost  seismic  shifting  to  new  IT  service 
delivery  and  sourcing  models,  for  one  thing.  CIOs  have  been  struggling 
with  this  for  years,  under  pressure  from  their  business  counterparts  to 
become  mote  agile  and  flexible,  react  faster  and  execute  more  quickly  - 
to  rise  to  the  challenge  of  becoming  a  business  impact  player.  But  there's 
risk  involved  In  organizational  and  staffing  change  of  this  magnitude. 

"Why  stick  my  neck  out?"  So  instead,  they'd  just  sort  of  rearrange  the 
furniture.  What  Ilie  downturn  has  done  is  get  IT  managers  "unstuck"  and 
motivated.  For  some,  it  is  career  opportunism.  For  the  rest,  it's  survival: 
fear  of  losing  their  jobs  if  they  don't  take  advantage  of  a  rare  window  of 
opportunity  to  start  blasting  away  at  traditional  IT  staffing  models. 


First  of  all,  how  are  you  defining  and 
measuring  volatility?  Pay  and  demand 
for  IT  skills  at  more  than  2.000  employ- 
Vorth  America  that  participate  in 


P 

cal  gauges  for  examining  trends  in  each. 
The  IT  Skills  and  Certifications  Pay  Index 
surveys  pay  premiums  earned  by  23.000 
IT  professionals  for  438  individual  techni- 
cal  and  business  skills,  both  certified  and 
*  noncertified.  Our  IT  Skills  Volatility  Index 

tells  us  what  percentage  of  these  skills  are  changing  in  market  value, 
either  up  or  down.  We  also  survey  salaries  for  nearly  100.000  IT  workers 
and  a  few  hundred  job  titles.  All  of  these  are  updated  continuously,  but 
we  tend  to  analyze  labor  market  trends  in  three-month  increments  and 
have  been  doing  so  since  1998.  We  also  slay  in  regular  conlact  with  sev¬ 
eral  hundred  IT  executives,  who  provide  us  with  deep-dive  perspective 
that  the  data  itself  cannot. 


IT  Skills 
Volatility  Index 

Companies  were  asked  what  percentage  of  16 

IT  skills  and  ceriihcations  had  changed  in  13.9% 
market  value  from  the  preceding  period. 


yyhat  are  these  new  models?  Think  skills  acquisiiion.  not  jobs  acquisi¬ 
tion.  Managed  services,  cloud  computing.  SaaS.  PaaS.  laaS.  Contractors 

bloated,  stagnating  project  portfolios.  High-performance  teaming,  not  re¬ 
liance  on  the  same  exhausted  IT  superstar  performers  to  get  the  )0b  done 
time  and  again.  Being  great  at  operational  stuff  but  having  more  impact 
in  product  development,  ideas,  innovation  and  strategic  areas  that  will 
help  businesses  survive  and  thrive  in  a  brutally  competitive,  fast-moving 
global  marketplace.  There  is  progress  being  made  out  there  right  now  by 
some  courageous  but  very  nervous  IT  executives  trying  to  engineer  this 
transition.  It's  causing  higher  volatility  in  pay  and  demand  for  skills  and 
people  as  the  natural  condition  of  a  transforming  workforce.  This  is  the  • 

new  standard  in  market  behavior  for  years  -  not  months  -  to  come. 

There’s  no  turning  hack?  We  will  never  return  to  the  sort  of  labor  mar¬ 
ketplace  for  IT  professionals  that  existed  before  2008.  But  that's  a  good 
thing.  Business  leaders  know  that  it's  not  technology  per  se  but  the  abil¬ 
ity  to  use  It  wisely  that  counts.  They  desperately  need  to  get  to  the  other 
side  of  this  IT  transformation  as  quickly  as  possible  and  get  more  of  these 
technology  hybrids  into  the  game. 
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David  Foote 

The  CEO  of  IT  muT force  ancilyst  firm 

Foote  Partners  LLC  explains 
why  hiioh  vulalility  in  ihe  1 1  labor 
and  skills  markets  will  remain 
long  after  the  economy  recovers. 


like  wlat,  for  Instance?  An  aim 

delivery  and  sourcing  nxxlels.  foi 
with  this  for  years,  under  pressui 
become  more  agile  and  flexible,  i 
to  rise  to  the  challenge  of  becomi 
risk  involved  In  organizational  an 
and  it’s  not  easy.  In  better  times. 
■Why  stick  my  neck  out?"  So  insti 
furniture.  What  the  downturn  hai 
motivated.  For  some,  it  is  career 
fear  of  losing  their  jobs  if  they  do 
opportunity  to  start  blasting  awa 

What  are  these  new  modete?TI 

tion.  Managed  services,  cloud  cm 
and  consultants,  not  full-time  hir 
bloated,  stagnating  project  portf 


Law  Firms 
IT  Consultants 
Staffing 
Agencies 

Are  you 
frequently 
placing  legal  or 
immigration 
advertisements? 

Let  us 
help  you 
put  together 
a  cost  effective 
program  that 
will  make  this 
time-consuming 
task  a  little 
easier. 


headed  for  a  job  t 
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U0.000  per  month.  Six  weeks  after  this  project  \ 


Four-Letter  Words 

At  this  semiconductor  fabrication 
facility,  they’re  ruimii*  out  of  four- 
digit  numbers.  'The  first  step  of  th 
manufacturing  process  was  to  mio 
scopicalty  etch  four-digit  serial  nur 


web  sites  -  a/f  customer-facing  < 
team-facing  access  -  crashed.  A 
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use  your  true  tale  of  IT  life. 
shart(yecomputerworld.coi 


pick  the  topics, 
pick  the  sources, 
pick  the  frequency. 


Build  your  own  no'.-.-slettt'i  f'  Utuimfj  youi  fu 
technology  topics  cloud  romixitinr)  upplc 
development,  security  over  200  timely  topics 
more  than  700  trusted  sources. 


It's  free. 

www.techdispenser.com 


An  Early  Year-End  Ritual 


This  year,  our 
predictions 
and  analysis 
won't  get  lost 
in  the  holiday 
cheer. 


The  smartest  people  in  the  tech  industry  spend  a  lot  of  their  time 
reading  tea  leaves.  Generally,  the  computer  press  doesn’t  take  part  in 
this  exercise,  but  each  New  Year’s,  virtually  every  pundit  with  a  key¬ 
board  dashes  off  a  tech  prediction  piece.  To  change  that  up  a  little. 


(his  spring  I  asked  CompulerwoHd  reporters  and  editors 
for  their  predktioiis  of  the  most  iinponant  trends  of 
the  next  year  or  so.  Here  are  some  of  their  thoughts: 

1.  Srien  IT.  Managing  IT  for  power  savings  was 
an  overhyped  notion  that  all  but  died  during  the  re¬ 
cession.  With  the  economic  recovery,  look  for  it  to 
resurge  with  far  less  PR  fonfore,  progressing  slowly 
and  always  with  an  eye  toward  business  ROI.  Green 
IT  makes  sense,  but  only  if  you're  already  investing 
in  infrastructure  changes  that  will  make  managing 

2.  amid,  doiid,  Cloud.  Talk  about  hype!  Butsoft- 
ware  as  a  service,  platform  as  a  service  and  infra¬ 
structure  as  a  service  are  all  moving  along.  It’s  still 
early  days,  but  we're  betting  that  doud  isn’t  going  to 
bum  off  and  fade  away.  Expect  slow  adoption,  with 
those  leading  the  way  celebrated  as  pioneers.  And 
virtualization  and  internal  cloud-based  shared- 
services  infrastructures  seem  more  inevitable  when 
you  think  of  them  as  just  the  next  step  on  the  path 
toward  true  server  consolidation. 

3.  Mobile  devices.  The  smartphones  and  other 
gadgets  that  have  permeated  your  organization  are 
only  the  tip  of  the  iceberg  It  doesn’t  matter  if  the 
iPad  is  a  business  device  or  not.  It’s  a  people  device, 
and  people  will  use  it  at  work.  Most  IT  shops  are  un¬ 
prepared  for  the  onslau^  of  this  coming  user-led 
revdution.  Get  ready,  or  get  mn  om. 

cations  is  where  mobile  was  lo  years  ago.  It  prom¬ 
ises  to  enhance  productivity,  but  iruich  still  needs  to 
be  hammered  out.  This  won’t  be  its  year. 

5.  Business  IntoWtence.  BI  and  analytics  hit 
their  stride  this  year.  That’s  because  the  recession 
may  have  been  the  pet^  time  for  companies  to 

lytks  tools  to  assess  whin  works  and  what  doesn’t. 


6.  Data  dc-dupUcatieo.  This  is  an  idea  whose 
adoption  is  assured  because  of  its  simplicity. 
Elirninating  redundant  dau  can  cut  storage  needs 
by  70%  to  90%,  and  that  reduces  the  overall  cost  of 
ownership  and  extends  the  life  of  storage  hardware. 
Data  tiering  and  cloud  storage  are  also  promising 

7.  EntafprlM  2.0.  Many  companies  are  just  tum¬ 
bling  to  the  fact  that  there  are  advarrtages  to  be  gained 
by  giving  employees  easy  access  to  the  expertise  and 
experience  available  throughout  the  organization. 
This  idea,  encapsulated  in  the  term  “Enterprise  2.0,” 
has  many  business  software  vendors  inserting  hits 
Web  2.0  functionality  into  their  products  to  facilitate 
information-sbaring  But  Enterprise  2.0  will  bea 
business  transformation  more  than  anything  else, 
and  IT  can  help  lead  that  transformation. 

S.  Vldeoenoferendm.  It  may  not  be  business’s 
first  choice  for  making  contact,  but  the  recession 
propelled  it  into  the  limelight  as  travel  budgets  were 
cut.  Now  it’s  mainstream.  If  your  company  isn’t 
using  videoconferencing,  it  mi^tbe  soon. 

9.  Mmtlty  mamfliBtiit  Need  I  say  more? 

This  seemingly  perpetual  IT  bearlache  should  be 
resolved  at  your  company  this  year. 

10.  Sucurlty.  It’s  just  a  matter  of  time  before  the 
world  suffers  the  next-order  security  threat.  How 
would  such  an  event  galvanize  IT  shops?  If  a  cyber¬ 
attack  against  the  U.S.  results  in  a  massive  loss  of 
data  or  puUic  services.  Congress  could  mandate 
complice  with  new  regulations  overnight. 

In  a  few  months,  we’ll  bring  you  additiooal  predic¬ 
tions  and  mote-thorou^  analy^  at  a  time  of  year 
when  they  won’t  get  lost  in  the  holiday  cheer.  We’re 
moving  Cwnputerworld’swdl-researched  and  highly 
valued  Forecast  edition  from  January  to  September. 
We  hope  that  puhUshing  it  in  the  fall  will  enable  you 
to  make  better  use  of  it  in  your  annual  budgeting  * 


You’ve  waited  iong  enough. 


The  modern  network.  Frustratingty  slow.  Unable  to  scale. 
Costly  to  manage  and  too  complicated  to  overhaul. 
Solving  these  problems  isn’t  just  a  big  thing.  At  Juniper,  it’s 
the  only  thing. 

It’s  time  to  think  about  the  network.  Where  do  you  start? 
With  the  one  company  who  thinks  about  nothing  else. 

This  singular  focus  on  network  architecture  has  led  to 
phenomenal  innovation  and  achievements  that  solve  the 
unprecedented  demands  on  data  center  capability  and 
economic  efficiency. 

In  fact,  we  are  leading  the  architectural  innovations  of  the 
networking  industry.  The  Juniper  3-2-1  architectural  approach 
to  the  data  center  radically  simplifies  the  complexity 


of  the  network  by  eliminating  the  number  of  ^ching 
layers  from  3  to  2  to  1 —the  ultimate  vision  of  a  unified, 
simplified  network  fabric. 

The  result  is  the  new  network  data  center.  Built  for  the  cloud. 
Ready  for  the  next  decade.  It's  a  revolutionary  combination 
of  simplification,  automation  and  security  that  delivers  up 
to  an  eight-fold  improvement  in  network  performance 
and  up  to  35%  reduction  in  data  center  capex. 

What  are  you  waiting  for? 


juniper 

NETWORKS 


Power  your  planet. 

We  live  on  a  planet  where  nearly  6  terabytes  of  information  are  being  exchanged  over  the  Internet  every 
second,  and  vrhere  billions  of  connected  people  are  surpassed  in  number,  only  by  trillions  of  connected 
objects  and  devices.  Why  then  is  the  average  server  in  the  average  business  running  at  only  10%  utilization? 
Itfe  hard  enough  for  businesses  to  meet  the  demands  of  a  smarter  planet  today,  much  less  the  unforeseen 
demands  of  tomorrow.  The  new  POWER?  Systems™  from  IBM  are  not  simply  sen/ers-they're  fully 
integrated  systems  with  the  ability  to  run  hundreds  of  virtual  servers,  helping  you  drive  up  to  90%  utilization. 
These  next-generation  systems  integrate  massive  parallel  processing,  throughput  computing  and  analytics 
capabilities  to  optimize  for  the  complex  workloads  of  an  increasingly  data-driven  world.  Learn  how  to 
power  your  planet  at  ibm.com/poweryourplanet 


